Skip to content

feat: hosted HTTPS MCP server for OpenAI Apps SDK submission #35

Description

@Harihara04sudhan

Goal

Build and deploy a hosted HTTPS MCP server that ChatGPT's Apps SDK can connect to. This is the gating requirement for the Apps SDK submission (target: Friday 2026-06-26).

Why

The current stdio MCP plugin (plugins/armorcodex/scripts/policy-mcp.mjs) is not acceptable for Apps SDK. OpenAI's submission form (platform.openai.com/apps-manage) requires:

  • Remote HTTPS MCP endpoint
  • Domain verification at .well-known/...
  • MCP tools/list response that matches what we declared in plugin metadata

Scope

Build a self-contained Node service under hosted-mcp/ that:

  1. Exposes the same 3 tools as the stdio plugin: policy_update, policy_read, register_intent_plan
  2. Speaks MCP Streamable HTTP transport (MCP SDK 1.27+)
  3. Serves the OpenAI domain verification token at the well-known path
  4. Has a /health endpoint for Cloud Run liveness
  5. In-memory state (demo mode) - no persistence for v1; reviewers see realistic policies via seeded defaults
  6. Auth: No Auth (form supports No Auth / Mixed Auth / OAuth; we ship No Auth for v1)

Deployment

  • Target: Cloud Run in GCP project armoriq-28d64 (region us-central1)
  • Custom domain: armorcodex.armoriq.ai
  • TLS: automatic via Cloud Run managed certs

Out of scope (defer until after Friday)

  • OAuth 2.1 (only needed if reviewers ask)
  • Multi-tenant persistence (current ArmorIQ backend can plug in later)
  • Audit pipeline (the stdio plugin's WAL flusher) - not relevant for hosted demo
  • Per-user policy state isolation

Refs #19

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions